Oracle® Application Server Certificate Authority Administrator's Guide
10g Release 2 (10.1.2)
B14080-02

H Configuring OracleAS WebCache for OracleAS Certificate Authority

Oracle offers OracleAS Web Cache to help e-businesses manage Web site and Web-based application performance issues. OracleAS Web Cache is a content-aware server accelerator, or reverse proxy server, that improves the performance, scalability, and availability of Web sites that run on Oracle Application Server.

This appendix explains how to deploy OracleAS Web Cache to work with Oracle Application Server Certificate Authority. It gives the key instructions and points to additional reading that you may find useful during configuration.

Perform the installation in the following stages:

H.1 Install OracleAS WebCache

Install OracleAS Web Cache by installing an instance of Oracle Application Server with the "J2EE and Webcache" component option. Although in practice you can install this instance on the same machine where OracleAS Certificate Authority resides, for testing purposes it is preferable to install OracleAS Web Cache on a different machine with a different hostname.

For more information, see the following:

H.2 Configure OracleAS WebCache for OracleAS Certificate Authority

Configure OracleAS Web Cache for OracleAS Certificate Authority and OracleAS Single Sign-On. Use these steps:

  1. Obtain an SSL server wallet for the machine on which OracleAS Web Cache resides. Use Oracle Wallet Manager for this task.


    Note:

    The CN is the Web Cache host name.

    See the Oracle HTTP Server Administrator's Guide for details.

  2. Use Oracle Enterprise Manager 10g to configure OracleAS Web Cache. From the Application Server Admin Control:

    • Go to webcache -> Administration

    • Under Webcache -> Ports, create Web Cache listener ports. There should be one port for each server, namely Web Cache listener port 4600 for OracleAS Certificate Authority port 6600 (server auth), Web Cache listener port 4601 for OracleAS Certificate Authority port 6601 (mutual auth), and Web Cache listener port 7778 for SSO port 7777 (non-SSL).

      For each port you configure, make sure to check HTTPS, specify the Web Cache SSL wallet for the SSL server (for example, the OracleAS Certificate Authority server), and require a client certificate on the mutual authentication port, if required. For example, port 4601 should be HTTPS and requires a client certificate.

    • Under Application -> Origin Servers, create origin servers.

      The origin server is the description of the web server (host, port and protocol). There are two origin servers for OracleAS Certificate Authority, the first for https://hostname:6600 and the second for https://hostname:6601.

      There is also an origin server for OracleAS Single Sign-On.

    • Under Application -> Sites, create sites. A site contains the Web Cache host name, the listener port created above, and the protocol. Click Advanced to choose HTTPS and Required Client Cert if necessary.

      The site is also mapped to the origin server.

    • Set the SSL wallet for the Web Cache. To accomplish this, go to Webcache -> Security and enter the SSL wallet location.

  3. Restart OracleAS Web Cache.


    Note:

    The Web Cache restart may fail if it runs out of file descriptors. To resolve this problem, see the Oracle Application Server Web Cache Administrator's Guide.

For additional OracleAS Web Cache configuration details, see the Oracle Application Server Web Cache Administrator's Guide.

For information about configuring OracleAS Single Sign-On for OracleAS Web Cache, see the Oracle Application Server Single Sign-On Administrator's Guide, "Deploying OracleAS Single Sign-On with a Proxy Server".

H.3 Configure OracleAS Certificate Authority Virtual Hosts for OracleAS WebCache

Follow these steps to configure the OracleAS Certificate Authority virtual hosts for the OracleAS Web Cache host and port:

  1. Edit the ocm_apache.conf file, in the server auth virtual host section, as follows:

    1. Change the ServerName to the Web Cache host name (instead of the actual OracleAS Certificate Authority host name).

    2. Add a Port directive with the Web Cache port for this virtual host (for example, Port 4600).

    3. Add the following lines:

      LoadModule certheaders_module libexec/mod_certheaders.so 
      AddCertHeader HTTPS
      AddCertHeader SSL_CLIENT_CERT
      
      
    4. Comment out the following line:

      SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire 
      
      
  2. Execute the command:

    dcmctl updateconfig -ct ohs
    
    
  3. Restart Oracle HTTP Server:

    opmnctl restartproc type=ohs
    
    
  4. On Internet Explorer, you may encounter a bug which you can work around by modifying the $ORACLE_HOME/webcache/internal.xml file. Insert IEHOSTHEADERBUG=SSO_WEBC_PORT in the <MISCELLANEOUS/> tag, where SSO_WEBC_PORT is the Web Cache port mapped to the SSO port.

  5. Restart OracleAS WebCache.


    Note:

    The Web Cache restart may fail if it runs out of file descriptors. To resolve this problem, see the Oracle Application Server Web Cache Administrator's Guide.
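
The following Python check is an added example, not part of Oracle's guide or tooling. It reports which of the step 1 edits are still missing from the server auth virtual host of a copy of ocm_apache.conf; the `<VirtualHost _default_:6600>` layout, the host names and the function names are assumptions made for the constructed sample.

```python
import re

PAGE_SSLOPTIONS = "+FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire".split()

def active_directives(text):
    """(name, args) for each line that is not blank, a comment or a <Section> tag."""
    found = []
    for line in (l.strip() for l in text.splitlines()):
        if line and not line.startswith(("#", "<")):
            name, _, rest = line.partition(" ")
            found.append((name.lower(), rest.split()))
    return found

def check_h3(conf, origin_port, wc_host, wc_port):
    """Return the H.3 step 1 edits still missing; LoadModule is searched file-wide."""
    m = re.search(r"<VirtualHost\s[^>]*:%d\s*>(.*?)</VirtualHost>" % origin_port, conf, re.S | re.I)
    if m is None:
        return ["virtual host for port %d not found" % origin_port]
    vhost, whole = active_directives(m.group(1)), active_directives(conf)
    missing = []
    if ("servername", [wc_host]) not in vhost:
        missing.append("ServerName is not the Web Cache host name")
    if ("port", [str(wc_port)]) not in vhost:
        missing.append("Port directive for the Web Cache port is absent")
    if not any(n == "loadmodule" and a[:1] == ["certheaders_module"] for n, a in whole):
        missing.append("mod_certheaders is not loaded")
    for header in ("HTTPS", "SSL_CLIENT_CERT"):
        if ("addcertheader", [header]) not in vhost:
            missing.append("AddCertHeader %s is absent" % header)
    if ("ssloptions", PAGE_SSLOPTIONS) in vhost:
        missing.append("SSLOptions line is still active")
    return missing

# Constructed sample; host names and the <VirtualHost> address are placeholders.
BEFORE = """<VirtualHost _default_:6600>
ServerName oca.example.com
SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
</VirtualHost>
"""
AFTER = """<VirtualHost _default_:6600>
ServerName webcache.example.com
Port 4600
LoadModule certheaders_module libexec/mod_certheaders.so
AddCertHeader HTTPS
AddCertHeader SSL_CLIENT_CERT
#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
</VirtualHost>
"""
if __name__ == "__main__":
    print(check_h3(BEFORE, 6600, "webcache.example.com", 4600))
```

An empty list means every step 1 edit is in place for that virtual host.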

H.4 Enable OracleAS WebCache for OracleAS Certificate Authority

Enable OracleAS Web Cache for OracleAS Certificate Authority by executing the following command:

$ORACLE_HOME/bin/sqlplus oca/ocadbpass \
    @$ORACLE_HOME/oca/sql/ocabigipon.sql

If you wish to change the host and port of the Web Cache sites for OracleAS Certificate Authority, run this script:

$ORACLE_HOME/oca/sql/ocabigipoff.sql

followed by:

$ORACLE_HOME/oca/sql/ocabigipon.sql

If you need to disable OracleAS Web Cache for OracleAS Certificate Authority, execute this command:

$ORACLE_HOME/bin/sqlplus oca/ocadbpass \
    @$ORACLE_HOME/oca/sql/ocabigipoff.sql